sleuthkit
An open-source forensic toolkit for analyzing disk images and file systems to identify and recover digital evidence.
What is sleuthkit?
The Sleuth Kit is an open-source forensic toolkit consisting of a library and command-line tools for analyzing disk and file system images to investigate digital evidence. It allows forensic analysts to examine volume and file system data from raw images created by tools like 'dd', supporting file systems such as NTFS, FAT, FFS, and EXT2FS. The toolkit helps identify and recover evidence from both allocated and unallocated data during incident response or forensic investigations.
Digital forensic investigators, incident responders, and security analysts who need to analyze disk images for evidence recovery and file system examination. It is also suitable for developers building larger forensic tools who can incorporate the TSK library.
Developers and investigators choose The Sleuth Kit because it is open-source, allowing verification and customization of forensic actions, and it provides a comprehensive, low-level toolset for detailed file system analysis. Its platform independence and support for multiple file systems make it a reliable, foundational tool in digital forensics.
Overview
The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
Use Cases
Best For
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
